보안관리

암호화폐 보안관리

CoinFLEX operates with a 99% cold storage policy, with up to only 1% stored in a secure hot wallet. Our system has been built such that no single person, vault location or device failure could compromise the integrity of user Bitcoins.

All users are required to set up either Authy or YubiKey two-factor authentication meaning that if someone were to find out a user’s username and password they would still not be able to log into their account without the user’s Authy one-time password token or YubiKey.

계정보안 방안

All the information supplied by you is transmitted via Transport Layer Security (TLS) protocol. Once we have received your information, we use strict procedures and security processes to prevent any unauthorized access. Your data can only be accessed by authorized CoinFLEX staff. Two-Factor Authentication: We believe that Two-Factor Authentication (2FA) should be a required standard for any financial services company. Passwords alone are insecure and in order to follow the “something you have” and “something you know” standard of security, we require the use of 2FA for all users, all of the time.

이중인증 장치 (2FA)

 

이중인증 장치 (2FA)는 계정 로그인 과정에서 2가지 이상의 보안 계층을 추가함으로써 본인 인증 절차를 강화하는 방식을 의미합니다. 코인플렉스에서는 2FA의 보안 원칙에 따라, 사용자가 "알고 있는 것 (접근 비밀번호)"과 "소유하고 있는 것 (접근 토큰)"을 통해 계정을 보호합니다. 사용자는 접근 비밀번호에 추가적으로, 소유하고 있는 모바일, 태블릿 PC 또는 YubiKey를 통해 고유 OTP 토큰을 입력해야 정상적으로 로그인 할 수 있습니다.

코인플렉스에서는 현재 세 종류의 2FA 설정 옵션을 제공하고 있습니다:

Google Authenticator

Google Authenticator is a software-based authenticator by Google that implements two-step verification services.

Google Authenticator generates 2-Step Verification codes on your phone. 2-Step Verification provides stronger security for your Google account by requiring a second step of verification when you sign in. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone. For more information visit Google Android or Google iPhone

작은 USB 형태의 1회용 비밀번호 (OTP) 생성 장치입니다. 계정 신청 시에는 “YubiKey” 옵션을 선택 후 YubiKey 토큰 번호를 입력하면 등록이 완료되며, 추후 로그인 시 YubiKey로부터 생성된 보안 토큰을 매번 입력해야 합니다. YubiKey (호환용)는 Amazon에서 구입 가능하며, FIDO U2F 보안 키는 호환되지 않음을 유의해 주시기 바랍니다. 자세한 내용은 YubiKey 홈페이지에서 확인 가능합니다: http://www.yubico.com/support/faq/

사용자의 모바일 번호와 1회용 비밀번호 (One-Time Password: OTP)를 사용하여 계정 소유자를 확인합니다. OTP는 생성된 후 한 차례 사용이 가능하며, 동일한 번호를 통한 재인증이 불가능합니다.

계정 신청 시에는 ‘Authy’ 옵션을 선택 후 국가번호를 제외한 전화번호 (모바일)를 입력하면 됩니다 (예. 01012345678).해당 번호로 Authy 앱 다운로드 및 계정 등록에 대한 문자 메시지가 발송됩니다. 모든 설정이 완료된 이후에는, 매번 로그인 할때마다 Authy 앱에 표시되는 OTP 번호 입력이 요구됩니다. 자세한 내용은 Authy 앱 홈페이지에서 확인 가능합니다: https://www.authy.com/faq.

Authy 앱이 반드시 필요한가요?

시 Authy 앱을 통해 2FA를 설정할 필요는 없습니다. Authy 앱 또는 YubiKey를 통해 2FA 설정이 가능합니다. Authy 앱을 통한 2FA 설정 시 다양한 방식으로 코드를 부여 받을 수 있습니다. 안드로이드 또는 아이폰을 통한 모바일 앱 또는 크롬 확장 프로그램으로 실행되는 데스크탑 (PC) 앱 which runs as a Chrome extension. Authy apps are instant, do not require continuous internet connection and the desktop app enables a seamless two-factor authentication experience. You can find out more about these options on the Authy blog. 본 내용 또한 참고하시기 바랍니다: read more here. A YubiKey is a small USB device that you register with your CoinFLEX account and use every time you sign in. You can find out more about YubiKeys here 및 here. You can purchase a compatible YubiKey Amazon. CoinFLEX supports 44-character YubiKey tokens. If you are a YubiKey VIP user, please use slot 2 to generate a valid token. FIDO U2F Security Key is not a compatible key.

왜 코인플렉스는 모바일 문자 메시지를 통한 2FA 인증을 지원하지 않나요?

There has been an increase in the instances of people having their mobile phone numbers taken over by malicious attackers via social engineering of mobile phone operator staff. In summary, the attack involves a hacker contacting a victim’s phone operator and convincing a call centre agent to transfer the victim’s phone number over to another, hacker controlled, SIM card. From there, the hacker arranges to reset the victim’s email using the SMS recovery option on their email account by which point the hacker often has all the information they need to access the vast majority of the victim’s online accounts. What makes this different from other attacks is that someone could have reasonably good security and it can still be circumvented. Thus, to prevent this on the CoinFLEX platform, we do not support SMS for 2FA sign in.

Authy 앱을 다운로드 후 실행하는 데 왜 ‘Multi-device is disabled’ 오류 메시지를 수신하나요?

“Multi-device is disabled” error usually appears if you have already had an installation of the Authy app present and you no longer have access to the app (e.g. it was on your previous device). To resolve the “Multi-device is disabled” issue, you need to 재설정 with Authy. Once this process is complete you will be able to install a new Authy app which will not show this error. Please note that using the Authy multi-device function will enable all your Authy token accounts on the added devices.

Authy 앱을 설치 후에 코인플렉스가 계정 목록에 표시되지 않는 이유는 무엇인가요?

If CoinFLEX does not appear in your list of accounts within the Authy app, please take the first step of uninstalling the app, reinstalling it, and registering again it with your phone number. Your local install of Authy can become corrupted due to an OS update, factory reset, or something similar. We recommend installing Authy on another device, like a laptop or tablet, to assess if the problem is related to Authy or your device. The Authy Chrome App works with Windows, Linux and Mac and can be 설치하기. After verifying the new device works, please reinstall Authy on your old device and the apps will sync. If these steps do not work, please try removing all previously registered devices on your Authy account listed under settings, and then reinstall the app. You may be required to clear all device registrations on stored on Authy’s server. To do this, use this link. This reset will take 24 hrs and cannot be accelerated, so this action should only be taken as a last resort if an alternate device will not work.

등록 SMS 토큰을 수신하지 못하는 경우에는 어떻게 해야 하나요?

An SMS token is sent only during the Authy registration stage during the application process for a CoinFLEX account. An SMS is not sent for signing in or resetting a password. If you’ve been using SMS to sign in to your CoinFLEX account, you will be required to Authy 앱 on your smartphone or computer (as a Chrome extension) and register it with the same phone number you have been receiving the SMS on. CoinFLEX will appear on your list of accounts without the need to type codes or use QR codes. SMS is a best effort protocol, meaning your carrier will do it’s best effort to deliver the message to you. High network traffic or SPAM filters could prevent you from receiving the registration text message.

If you have not received the SMS, please follow these steps:

  1. Verify that you have entered your phone number correctly.

  2. Confirm that you are using a web browser that supports SMS requests.

  3. Install the dedicated App: opening https://www.authy.com/install/ within your phone or computer browser will show you if there is an App for your device. You must enter the same phone number you used when applying for your CoinFLEX account. If you see CoinFLEX on the list of your Authy accounts, you can use the token from the App instead of the SMS token.

Authy 토큰 사용 시 발생하는 ‘Invalid’ 오류는 무엇인가요?

If you have not received the SMS, please follow these steps:

  1. You’ve entered spaces with the token (either between characters or around the token). The token consists of characters with no spaces.

  2. You’ve used a token assigned to a different account (either not a CoinFLEX Authy token or a CoinFLEX token from an App registered with a different Phone Number)

  3. You are attempting to use a token which is not the most recently generated.

    The token has expired (tokens are valid for 20 sec).